CVE-2017-7555

Published: 17/08/2017 | Updated: 09/12/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.

Affected Products

Vendor | Product | Versions
Augeas | Augeas | 1.8.0

Vendor Advisories

Synopsis: Important: augeas security update. Type/Severity: Security Advisory: Important. Topic: An update for augeas is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Sol ...
Synopsis: Important: augeas security update. Type/Severity: Security Advisory: Important. Topic: An update for augeas is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Augeas could be made to crash if it received specially crafted input ...
Debian Bug report logs - #872400: augeas: CVE-2017-7555: Improper handling of escaped strings leading to memory corruption. Package: src:augeas; Maintainer for src:augeas is Hilko Bengen <bengen@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 Aug 2017 05:27:02 UTC; Severity: grave; Tags: ...
Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code. For the oldstable distribution (jessie), this problem has been ...
A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution ...
Oracle Solaris Third Party Bulletin - July 2018. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
Oracle Linux Bulletin - October 2017. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...